On Wed, Oct 23, 2002 at 08:45:46AM +0200, Dan Richter wrote:
> I was using Majordomo, but I got scared off when I realized that anyone
> could bypass the list posting restrictions by posting to the correct alias.
> (The normal list alias processes, then redirects to a second alias which
> blindly transmits.) The "blind forward" alias shows up in the headers, so I
> can't even hide it from people. Please reassure me that Mailman does not
> have this vulnerability!

It's quite easy to block inbound mail to Majordomo's list exploder
address. If you're using Postfix, just add something like the
following to a recipient access map:

    /^(.*)-outgoing@(.*)$/!/^owner-.*/ 550 Use recipient address ${1}@${2} instead.

I don't believe Mailman suffers from the same kind of insecurity, though.

--
Jon Parise (jon at csh.rit.edu) :: http://www.csh.rit.edu/~jon/
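
The access-map rule quoted in the message above, modelled in Python as an added example (not part of the original message and not Postfix code): it applies the rule's two patterns to constructed recipient addresses to show which ones are rejected and which pass through. The example.org addresses and the function names are assumptions; case-insensitive matching mirrors the default for Postfix regexp tables.

```python
import re

# The two patterns and the action from the rule in the message.
# Postfix regexp tables match case-insensitively by default.
MATCH = re.compile(r"^(.*)-outgoing@(.*)$", re.IGNORECASE)
EXCEPT = re.compile(r"^owner-.*", re.IGNORECASE)
ACTION = "550 Use recipient address ${1}@${2} instead."


def check_recipient(rcpt):
    """Return the reject text for rcpt, or None when the rule does not apply."""
    m = MATCH.search(rcpt)
    if m is None or EXCEPT.search(rcpt):
        # No match, or excluded by the negated owner- pattern:
        # the access map yields no result and other checks continue.
        return None
    # Expand ${1} and ${2} from the first pattern's capture groups.
    return re.sub(r"\$\{(\d)\}", lambda g: m.group(int(g.group(1))), ACTION)


# Constructed sample recipients (hypothetical list name and domain).
SAMPLES = [
    "mylist@lists.example.org",                 # normal posting address
    "mylist-outgoing@lists.example.org",        # exploder alias: rejected
    "MyList-Outgoing@lists.example.org",        # case variant: still rejected
    "owner-mylist-outgoing@lists.example.org",  # exempted by the owner- pattern
    "mylist-request@lists.example.org",         # unrelated alias
]


def audit(recipients):
    """Map each recipient to the rule's verdict."""
    return {r: check_recipient(r) for r in recipients}


if __name__ == "__main__":
    for rcpt, verdict in audit(SAMPLES).items():
        print(f"{rcpt:42} {verdict or '(no match, mail continues)'}")
```

Running the same addresses through the real map before relying on it is worthwhile, since a pattern that is too broad would also reject legitimate list traffic.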